advisor professor frank y s lin present by j w wang n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Advisor: Professor Frank Y.S. Lin Present by J.W. Wang PowerPoint Presentation
Download Presentation
Advisor: Professor Frank Y.S. Lin Present by J.W. Wang

Loading in 2 Seconds...

play fullscreen
1 / 73

Advisor: Professor Frank Y.S. Lin Present by J.W. Wang - PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on

Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks Sudip Misra, Sanjay K. Dhurandher, Avanish Rayankula, Deepansh Agrawal. Advisor: Professor Frank Y.S. Lin Present by J.W. Wang. About this paper. Authors:

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Advisor: Professor Frank Y.S. Lin Present by J.W. Wang' - newman


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
advisor professor frank y s lin present by j w wang

Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks Sudip Misra, Sanjay K. Dhurandher, Avanish Rayankula, Deepansh Agrawal

Advisor: Professor Frank Y.S. Lin

Present by J.W. Wang

about this paper
NTU OPLabAbout this paper
  • Authors:

Sudip Misra, Sanjay K. Dhurandher, Avanish Rayankula, Deepansh Agrawal

  • Title:

Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks,

  • Provenance:

Computers & Electrical Engineering, Volume 36, Issue 2, March 2010, Pages 367-382,

agenda
NTU OPLabAgenda
  • Introduction
  • Existing techniques
  • Proposed solution
  • Simulation
  • Conclusions
  • Comments
introduction1
NTU OPLabIntroduction
  • New medium, new attack
  • Jamming
    • Blocking of a communication channel
    • A subclass of the Denial-of-Service(DoS) attacks
    • One of the most feared forms of attacks in wireless networks
introduction cont
NTU OPLabIntroduction(cont’)
  • Research topic:
    • Mitigation
    • Prevention
  • Categories of wireless network:
    • Wireless infrastructure-based networks(i.e., WLANs and cellular networks)
    • Infrastructure-less networks(i.e., ad hoc networks).
wireless infrastructure based networks
NTU OPLabWireless infrastructure-based networks
  • Components:
    • Base-stations(or access points)
    • Mobile nodes
  • This work is restricted to jamming attacks in wireless infrastructure-based networks.
objective of this work
NTU OPLabObjective of this work
  • Propose an efficient algorithm to mitigate jamming attacks in wireless infrastructure-based networks.
  • Provide an efficient solution that can be easily incorporated in the existing network architecture
  • Achieve better robustness than the widely used Channel Surfing Algorithm by using honeynodes along with dynamic channel prediction in wireless infrastructure networks
jamming based dos attacks
NTU OPLabJamming-based DoS attacks
  • Prevent networked nodes from communicating.
  • Carry out with a “jammer”
  • Classifications of jamming attacks:
    • Physical layer jamming
    • By ignoring MAC layer rules
jamming methods
NTU OPLabJamming methods
  • Constant:

Continuously sends random bits of data onto a channel.

  • Deceptive:

Sends out valid packets at a very fast rate to the nearby nodes. Authentic nodes are thus deceived into believing that the jammer is also a legitimate node.

  • Random:

This kind of jammer alternates between sleeping and jamming the channel of operation.

  • Reactive:

This kind of jammer attacks only when it hears communication over the channel it is currently scanning.

parameters in attack detection
NTU OPLabParameters in attack detection
  • Signal-to-Noise Ratio (SNR):
    • SNR refers to the ratio of signal power to the power of noise present in the received signal.
  • Packet Delivery Ratio (PDR):
    • The ratio of number of packets that were successfully delivered to their respective destination to the total number of packets sent out by the node.
  • Carrier Sense Time
steps of tackling jamming attacks
NTU OPLabSteps of tackling jamming attacks
  • Attack detection:
    • The Physical-layer.
    • The MAC-layer
  • Attack mitigation:
    • Overcome the effects of the attack.
  • Attack prevention(seldom included):
    • Prevent the occurrence of an attack on the network.
existing techniques1
NTU OPLabExisting techniques
  • Channel Surfing
  • Spatial Retreats
  • Using Wormholes
  • Jammed region mapping
  • Spread Spectrum Techniques
channel surfing
NTU OPLabChannel Surfing
  • A spectral evasion mechanism:
    • Move to a different channel of operation.
  • On detection of an attack, the nodes:
    • Change the channel of operation based on a pre-defined pseudorandom sequence.
  • An access point frequently sends beacons to all its associated nodes to check if they are still with it or not.
spatial retreats
NTU OPLabSpatial Retreats
  • Based on spatial evasion:
    • AP are immobile components
    • Move from the region of their current AP which is currently being jammed to the region of an emergency AP.
  • While moving away:
    • The nodes tries to connect to its jammed AP.
using wormholes
NTU OPLabUsing Wormholes
  • Two or more attackers act as a single attacker through a coordinated attack mechanism.
  • With the help of a special communication link(worm hole).
  • A similar mechanism, when there are some nodes are jammed in a network, they:
    • Communicates through an un-jammed medium
    • Afterward, an attack mitigation followed.
jammed region mapping
NTU OPLabJammed region mapping
  • Mapping out the jammed region with a protocol.
  • Based on the responses received by the nodes which lie on the boundary of the jammed region.
  • Mitigate the impact of a jammer by identifying and isolatingthe jammed region, and then trying to determine alternate routing paths for the data packets.
spread spectrum techniques
NTU OPLabSpread Spectrum Techniques
  • Traditional techniques:
    • Push maximum traffic into the minimum amount of bandwidth
  • Spread Spectrum:
    • Spreads the signal over a range of bandwidth in the widest possible manner.
    • Makes the communication very hard to be detected and jammed.
limitations of the existing techniques
NTU OPLabLimitations of the existing techniques
  • Attack detection.
  • Most of the jamming attacks detected are false alarms
  • Some of the solutions allows a portion of the network to become inoperable.
    • These are not very popular,
    • as they affect the connectivity of the jammed nodes
limitations of the existing techniques cont
NTU OPLabLimitations of the existing techniques(cont’)
  • Spatial Retreats
    • Involves physically moving
    • Restricts the mobility of the nodes.
  • Wormholes
    • Requires an additional secure channel between all node pairs
  • Spread spectrum
    • Extra costs for small quantity of information
    • High complexity
limitations of the existing techniques cont1
NTU OPLabLimitations of the existing techniques(cont’)
  • A missing aspect:
    • No prevention mechanisms.
proposed solution1
NTU OPLabProposed solution
  • Providing a mechanism for attack prevention
  • Can be easily integrated into the existing network architecture
network architecture
NTU OPLabNetwork Architecture
  • Involve following components:
    • Base-station
    • Mobile nodes
    • Honeynodes
  • Honeynode is the only new component added to the existing infrastructure.
honeynodes
NTU OPLabHoneynodes

Jammer scans the channel

  • Secondary interfaces on base-stations
  • Guard the frequency of operation by:
    • Send out fake signals on a nearby frequency
    • Prevent the attacks by deceiving the attacking entity to attack the honeynode.

2400 MHz

Honeynode

2405MHz

Base Station

algorithm for proposed mechanism
NTU OPLabAlgorithm for proposed mechanism
  • If the mobile nodes or base-stations detects an attack, it:
    • changes its frequency of operation based on a pseudorandom sequence.
  • If the honeynode detects an attack, it:
    • Continues to send signals on that channel
    • Informs the base-station of the impending attack
  • Then the base-station issues a frequency change command to all its associated nodes.
  • Later on, the honeynode switches its frequency of operation to the new guard frequency.
contributions
NTU OPLabContributions

Jammer 1

  • Introduced honeynodes into the network architecture
  • Eliminates the possibility of base station jamming
  • Base station jamming can occur only when:
    • base stations move from one frequency of operation to another.

2400 MHz

Honeynode

Run

2405MHz

Base Station

Hop

Jammer 2

Jamming

2430 MHz

Base Station

contributions cont
NTU OPLabContributions(cont’)
  • Secondly, they have used a hybrid proactive and reactive frequency selection algorithm for frequency selection.
  • Proactive mechanisms:
    • Based on a pre-defined pseudorandom sequence
  • Reactive mechanisms:
    • Determine the next frequency of operation dynamically
  • While proactive mechanisms are fast, reactive mechanisms give better performance.
contributions cont1
NTU OPLabContributions(cont’)
  • A major constraint on a reactive mechanism:
    • requires an un-jammed communication link between all participating nodes
  • We employ a hybrid technique which follows the
    • proactive approach when mobile nodes or base stations are jammed
    • reactive mechanism in case the honeynode detects an attack.
hybrid frequency selection algorithm
NTU OPLabHybrid frequency selection algorithm
  • When normal nodes, i.e., mobile nodes and base-stations, detect an attack,
    • They use a pre-defined pseudorandom sequence for the selection of the next frequency.
    • This sequence is known to every ‘‘legal” node that is present on the network.
    • A reactive approach cannot be used in such a case because the regular communication channel would be under attack.
hybrid frequency selection algorithm cont
NTU OPLabHybrid frequency selection algorithm(cont’)
  • When a honeynode detects an attack,
    • it alerts the base-station it is attached to about the imminent attack.
  • The base station
    • Maintains a ‘‘blacklist” of all frequencies recently jammed.
    • On receiving an alert from the honeynode, it selects a frequency that is farthest away from any blacklisted frequency amongst the list of available frequencies.
hybrid frequency selection algorithm cont1
NTU OPLabHybrid frequency selection algorithm(cont’)
  • When an attack is detected on a frequency
    • It is added to the ‘‘blacklist” of jammed frequencies
    • For time equal to risk_time.
attack scenarios and respective defence strategies
NTU OPLab Attack scenarios and respective defence strategies
  • Scenario 1: Only communicating mobile nodes are jammed.
  • Scenario 2: Mobile nodes and base-station are jammed.
  • Scenario 3: Honeynode is jammed.
simulation1
NTU OPLabSimulation
  • In order to determine how effective our proposed algorithm is, this work simulated the proposed algorithm along with the Channel Surfing Algorithm, to compare their respective performance under similar conditions.
simulation topology
NTU OPLabSimulation topology
  • Four BSs
  • Each BS having seven associated nodes.
  • The BSs connected to each other through a wired distribution system.
  • During the simulations, communications had been set up randomly between various nodes.
  • Introduce jammers into the scene and measure the performance metrics for various attack intensities.
simulation topology cont1
NTU OPLabSimulation topology(cont’)
  • Simulations were performed with 1 to 3 jammers.
  • To achieved the purpose of varying attack intensities,
    • they position jammers around one of the base-stations (base-station 1 in the figure).
  • Performance of the algorithm was tested on how effectively the nodes could communicate(e.g. PDR).
assumptions
NTU OPLabAssumptions
  • The following assumptions were made about the Jammer:
    • Jamming was carried out by sending large packets at a very fast rate.
    • When a jammer transmits the signal on a given frequency channel, no other communication can take place on that channel till the attack ceases to exist.
    • Jammer scans frequencies in a linear fashion.
    • Mobility of a jammer is restricted to the region of the first base station (the one shown to be jammed in Fig. 14)
assumptions cont
NTU OPLabAssumptions(cont’)
  • The following assumptions were made about honeynodes, mobile nodes and base station:
    • The honeynode interface is assumed to be capable of communicating with the associated base-station, irrespective of the jam status of either (both of them are interfaces of the same node).
    • All channel hops are assumed to be made instantaneously.
    • Mobile nodes were kept stationary, in order to prevent packet loss due to disassociation of nodes from the access point (due to the node moving out of range of the access point) affecting the performance analysis of the jamming attack mitigation algorithm.
results and discussion
NTU OPLabResults and discussion
  • The following metrics were considered for analyzing the performance of the proposed scheme:
    • Packet delivery ratio.
    • Jammed duration versus the simulation time.
    • Jammed duration versus the number of jammers.
    • Control message overhead.
    • Number of channel reconfigurations.
packet delivery ratio cont
NTU OPLabPacket delivery ratio(cont’)
  • Channel Surfing algorithm:
    • A decrease in the packet delivery ratio up to a certain point at the beginning, after which it was nearly constant.
  • Proposed algorithm:
    • Consistently better and nearly constant performance
jammed duration vs the simulation time cont
NTU OPLabJammed duration vs. the simulation time(cont’)
  • Channel Surfing algorithm:
    • Jammed duration grows with simulation time
  • Proposed algorithm:
    • Independent of simulation time
jammed duration vs the number of jammers cont
NTU OPLabJammed duration vs. the number of jammers(cont’)
  • Note: Simulation time: 100s
  • Channel Surfing algorithm:
    • Performance decreases, till the point where it is nearly the same as that of Channel Surfing algorithm, as the number of jammers increased.
  • Proposed algorithm:
control message overhead cont
NTU OPLabControl message overhead(cont’)
  • Channel Surfing algorithm:
    • reduces network performance marginally, over Channel Surfing Algorithm, as simulation time is increased.
  • Proposed algorithm:
    • Less overhead
number of channel reconfigurations cont
NTU OPLabNumber of channel reconfigurations(cont’)
  • Channel Surfing algorithm:
    • A marginal increase can be observed in the number of frequency as simulation time increased.
  • Proposed algorithm:
    • Less frequency hops
conclusions1
NTU OPLabConclusions
  • Proposed algorithm performed consistently better than the Channel Surfing Algorithm, with the worst case performance being same as that of Channel Surfing.
  • However, as the attack intensity increases, the performance of the proposed strategy declines gradually till it converges to the same performance level as that of Channel Surfing.
  • They explored the feasibility of implementing pre-emptive channel hopping within 802.11 to protect legitimate communication from jamming.
limited attacker defender scenario
NTU OPLabLimited attacker-defender scenario
  • Position of BSs
  • Number of normal nodes
  • Number of Jammers(intensity)
  • Mobility:
    • Attacker’s mobility is limited to the range of the 1st BS
    • Mobile nodes is stationary
  • Attack approach:
    • Reactive method
    • Keep jamming till there are no communications on the channel.
    • Linear channel search
limited attacker defender scenario cont
NTU OPLabLimited attacker-defender scenario(cont’)

2400 MHz

Honeynode

Jammer

Jamming

2405 MHz

Base Station

Random

Scan

2420 MHz

Honeynode

Jammer

2425 MHz

Base Station

Jamming

the end
NTU OPLabThe End
  • Thanks for your attention.